MySQL Passwords & ETC directory
intitle:"Index of" config.php
This search brings up sites with
"config.php" files. To skip the
technical discussion, this
configuration file contains both a
username and a password for an
SQL database. Most sites with
forums run a PHP message base.
This file gives you the keys to that
forum, including FULL ADMIN
access to the database.
intitle:index.of.etc
This search gets you access to the
etc directory, where many, many,
many types of password files can
be found. This link is not as
reliable, but crawling etc
directories can be really fun!
Passwords in backup files
filetype:bak
inurl:"htaccess|passwd|shadow|htusers"
This will search for backup files (*.bak) created by
some editors or even by the administrator himself
(before activating a new version). Every attacker
knows that changing the extension of a file on a
web server can have ugly consequences.